Canada’s cybersecurity agency has issued a critical alert regarding active cyberattacks targeting on-premises Microsoft SharePoint Servers. The vulnerability, identified as CVE-2025-53770, allows unauthorized attackers to execute code remotely by exploiting a flaw in how SharePoint handles untrusted data. While Microsoft SharePoint Online (part of Microsoft 365) remains unaffected, organizations using on-premises versions are urged to act immediately to protect sensitive data and infrastructure.
Microsoft and the Canadian Centre for Cyber Security (Cyber Centre) are advising IT teams to verify the presence of suspicious files—such as spinstall0.aspx—and monitor network activity for signs of exploitation. The Cyber Centre has confirmed that attacks are already occurring within Canada, and Microsoft is working on a security update. In the meantime, organizations should follow mitigation steps outlined in the official alert, including reviewing IIS logs and blocking known malicious IP addresses.
This incident underscores the growing risks associated with unpatched systems and the importance of proactive cybersecurity measures. Businesses are encouraged to review their SharePoint deployments, apply all available updates, and consult with cybersecurity professionals to ensure their environments are secure. For more details and technical guidance, visit the Cyber Centre’s official alert.
Original article courtesy of GlobalNews.ca
Enhance Your Business Security with Expert Cybersecurity Solutions. Click here to learn more and download shawcsIT’s free services overview catalogue.